i changed mysql root password and nothing seems to be impacted--hooray!

is there any postfix/courier risk in leaving the mail_admin password as mail_admin_password? i added directives to phpmyadmin to "Allow only from" my subnets, so mail_admin cannot accidently login there. but, could this user login some other way?

(maybe for another post) my ultimate goal is to allow only encrypted pop3, imap and smtp. how can i secure this server?